Confidentiality - it's your right

Under the Data Protection Act 1998, you have a right to know who
holds personal information about you. This person or organisation is called the data controller. In the NHS, the data controller is usually
your local NHS board and your GP surgery.

audio icon bsl icon easy to read icon large print icon translations icon Download this information as a PDF

image of confidentiality leaflet cover

What do I need to know about my personal health information?

The NHS must keep your personal health information confidential. It is your right. This section explains how the NHS does this.

What is my personal health information?

It is information that identifies you. It includes things like your name, address, date of birth, and postcode. It can be linked to, for example:

  • information about any care and treatment you have received
  • information about your health and lifestyle, and
  • results of tests you have had.

back to top

How and where is my personal health information kept?

It is kept in records. Records can be written on paper, held on computer or both. Records are stored securely in different parts of the NHS.

  • You have a record at your GP surgery.
  • If your GP refers you to a hospital, the hospital will keep a record there.
  • Records can also be held in other places, for example, at your dental surgery or at a clinic you have been to.

The NHS is storing more and more of your personal health information on computer. Eventually all your records may be held on computer. This will make it easier for NHS staff to share information about you so that you get the treatment you need, wherever you are

Your electronic (computer) record will be stored securely. Only staff who are involved in your care will be able to look at your record. And it will be possible to check who has looked at your electronic record.

Your Emergency Care Summary

Most patients in Scotland now have an Emergency Care Summary.  This is some basic information about your health that may help staff if you need urgent medical care when your GP surgery is closed, or when you go to an accident and emergency (A&E) department.  It allows NHS staff looking after you to get important information about your health, even if they cannot contact your GP surgery.

Before any member of staff looks at your Emergency Care Summary, they will usually ask your permission. If you are too unwell to give permission they may need to read your Emergency Care Summary without your agreement, to give you the best possible care.

For more information, see the leaflet 'Your Emergency Care Summary: What does it mean for you?'. You can get a copy from your GP surgery, by phoning the NHS Helpline on 0800 22 44 88, or in the 'Other patient information' section of our website.

back to top

How does the NHS keep my personal health information confidential?

  • All NHS staff have a legal duty to keep information about you confidential.
  • The NHS stores your personal health information securely.
  • Only relevant information is shared inside the NHS or with outside organisations. We explain when and why it's shared in the section below.
  • The NHS will not give information about you to organisations such as benefits agencies, employers or the media without your permission.

back to top

How is my personal health information used?

NHS staff use your information to give you the care and treatment you need. They will share relevant information with other NHS staff involved in your care. This makes caring for you safer, easier and faster.

For example, information is shared if:

  • your GP refers you to a hospital
  • you are moved from one hospital to another
  • you need support at home, such as a visit from a district nurse, or
  • NHS 24 refers you to a GP or another part of the NHS

If you are concerned about your information being shared, see the section 'Your right to object'.

back to top

How else does the NHS use information about my health?

The NHS uses relevant information about your health to help improve NHS services and the health of the public. The NHS may use it, for example:

  • to find out how many people have a particular illness or disease
  • to look at how safe and effective a treatment is, for example, flu vaccinations
  • to check that the NHS is providing a good service
  • to plan how many beds, wards and staff are needed
  • to train students and staff
  • to check that the NHS spends public money properly, and
  • for research

When using information about you, your name, address and other information that identifies you is removed wherever possible. Sometimes the NHS uses information that does identify you. If they do this, they will usually explain how and why your information will be used. If they want to use information that identifies you for teaching or research, they must ask your permission first.

If you don’t want the NHS to use your information to help improve public health and NHS services, you can object. See the section 'Your right to object'.

back to top

When can my personal health information be shared outside the NHS?

Your personal health information may be given to other people who need to know relevant information about your health – for example a carer, a home help, or a social worker. Usually, it will only be given to them if:

  • you have agreed, and
  • they need it to be able to give you care and treatment.

Usually the NHS will not share your personal health information with people such as a relative, carer or friend without your permission. However, there are exceptions:

  • If you are a child, and your doctor doesn’t think you can make decisions about your health care, someone with parental responsibility for you may be allowed to see your records and discuss your care. Our leaflet 'Confidentiality - your rights' has more information on this.
  • If you are an adult who cannot make decisions for yourself, or cannot tell others your decisions, the law allows someone to see your records and discuss your care, if:
    • you have given them a welfare power of attorney, or
    • a court has given them a welfare guardianship or a welfare intervention order.

In these cases, the person allowed to see your health information:

  • will only be able to see information that is necessary for them to make particular decisions for you about your health care, and
  • will not receive information that staff feel would be harmful to your health or the health of others.

Sometimes the law allows the NHS to share your personal health information without your permission, for example, to investigate a serious crime or to protect a child.

back to top

Page last edited: 08 February 2010

What are my rights?